Bug fixes 2.x pr devel 2.x (#2119)
* Bug fixes 2.x pr 2.x (#1771)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Managing-mime-types-nginx (#1773)

* Whitelisting ce vpn ip wazuh pr 2.x (#1775)

* Whitelisting-CE-VPN-IP-wazuh

* Fixing-wazuh-whitelist-variable

* Updating-wazuh-vars (#1777)

* add community.postgresql collection and remove varnish master release (#1779)

* Updating wazuh vars pr 2.x (#1781)

* Updating-wazuh-vars

* Updating-manager-vars

* Updating wazuh vars pr 2.x (#1783)

* Updating-wazuh-vars

* Updating-manager-vars

* Updating-wazuh-manager-active-response

* Updating-wazuh-manager-active-response-2x

* Updating wazuh vars pr 2.x (#1785)

* Updating-wazuh-vars

* Updating-manager-vars

* Updating-wazuh-manager-active-response

* Updating-wazuh-manager-active-response-2x

* Fixing-wazuh-broken-pipeline

* Updating wazuh vars pr 2.x (#1787)

* Updating-wazuh-vars

* Updating-manager-vars

* Updating-wazuh-manager-active-response

* Updating-wazuh-manager-active-response-2x

* Fixing-wazuh-broken-pipeline

* Tweaking-wazuh-vars

* r68065 mattermost role first commit (#1789)

* r68065 mattermost role first commit

* fixing linting/syntax

* reload systemd with ansible.builtin.systemd_service

* handler for postgresql reloads

* default systemd unit file for mattermost role

* r68065 install python psycopg2 (#1791)

* r68065 use psycopg binary package as compiling creates depsolve issues (#1793)

* permissions for postgres setup (#1795)

* r68065 add mattermost group before user (#1797)

* Updating-duplicity (#1804)

* enable mattermost systemd unit (#1810)

* nginx include for mattermost (#1812)

* nginx include for mattermost

* add mattermost project type

* ssl on handled by nginx role (#1814)

* fix mattermost nginx include (#1822)

* remove unsupported nginx option (#1824)

* Restore testing update pr 2.x (#1832)

* Restore-testing-update

* Restore-testing-update-2

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* Resolving conflicts pr 2.x (#1834)

* Fixing-conflicts-and-updating-docs

* Fixed-conflicts

* Fixed-conflicts-2

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* initial commit - mattermost local backups (#1838)

* r69995-Updating-vhost-for-LE-validation (#1843)

Co-authored-by: Matej Stajduhar <[email protected]>

* Changing priority flexibility pr 2.x (#1841)

* Changing-priority-flexibility

* Changing-priority-flexibility-2

* Adding-aws-acl-to-meta

* Adding-cast-to-int-for-priority

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* Aws acl role changes for ip set pr 2.x (#1848)

* aws_acl-role-changes-for-ip-set

* aws_acl-role-changes-for-ip-set-docs-update

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* add_php_repo_before_apt_extra_packages_task_from_common_base (#1850)

* fix_opensearch_vars (#1852)

* wait_timeout_for_opensearch_domain_creation (#1854)

* wait_timeout_for_opensearch_domain_creation

* remove trailing space

* Updating-aws-acl-task (#1856)

Co-authored-by: Matej Stajduhar <[email protected]>

* Docs update and making Ansible installation via _init an option.

* Bug fixes 2.x pr 2.x (#1859)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Bug fixes 2.x pr 2.x (#1860)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Small-changes-on-aws-acl-and-RDS-validation (#1863)

Co-authored-by: Matej Stajduhar <[email protected]>

* Updating-user-ansible-vars (#1864)

* Updating user ansible vars pr 2.x (#1867)

* Updating-user-ansible-vars

* Fixing-syntax

* add_vars_to_user_deploy_user_provision (#1869)

* Disabling-general-log-mariadb (#1871)

* Updating-aws_acl-role (#1873)

Co-authored-by: Matej Stajduhar <[email protected]>

* r70260-rkhunter-whitelist (#1877)

* fix(nginx): Remove default nginx dummy vhost that could clash with Varnish (#1750)

* fix(nginx): Remove default nginx dummy vhost that could clash with Varnish

* Fix variable naming and comment

* Implement keep_default_vhost setting

* Wazuh-var-update (#1903)

* Wazuh-agent-vars-more-readable (#1905)

* Filebeat-restart-task-wazuh (#1907)

* Filebeat restart task wazuh pr 2.x (#1909)

* Filebeat-restart-task-wazuh

* Fixing-wazuh-filebeat-restart

* Adding-gawk-to-extra-packages (#1910)

* Updating-filebeat-restart-task (#1913)

* Adding motd to exit role pr 2.x (#1915)

* Fixing-backup-validation-role-policies

* Adding-parts-for-VPC-and-SG

* Adding-region-to-vpc-and-subnet-tasks

* Adding-region-to-vpc-and-subnet-tasks-2

* Updating-vars-for-vpc-and-subnet

* Updating-vars-for-vpc-and-subnet-2

* Updating-vars-for-vpc-and-subnet-3

* Adding-json-file-for-restore-testing

* Changing-user-where-json-file-is-generated

* Updating-json-file-location

* Updating-path-to-j2-file

* Changing-force-value

* Testing-file-creation

* Testing-file-creation-via-command-task

* Adding-motd-to-exit-role

* Commenting-out-task-that-will-fail

* Fixing-pipefail

* Fixing-syntax-issue

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* Fixing-motd-task (#1917)

* Motd-switch-egrep-with-awk (#1919)

* Motd-task-update (#1922)

* Motd-task-update

* Restoring-deleted-task

* Fixing motd task when running on localhost pr 2.x (#1924)

* Fixing-backup-validation-role-policies

* Fixing-motd-task-when-running-on-localhost

* Updating-when-statement

* Adding-become-true-on-motd-update

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* Apt bug workaround pr 2.x (#1935)

* apt_bug_workaround

* apt_bug_workaround

* apt_bug_workaround

* apt_bug_workaround

* fix_var_logic

* Pushing-aws-backup-validation-role (#1944)

* Pushing-aws-backup-validation-role

* Fixing-linting

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* fix(redis): Convert maxmemory setting to int before comparing (#1897)

* Reverting-nginx-username (#1945)

* Reverting nginx username pr 2.x (#1947)

* Reverting-nginx-username

* Minor-fix-nginx-username

* Updating-nginx-vars (#1950)

* Documentation update.

* Fixing role dependency in NGINX role.

* Bug fixes 2.x pr 2.x (#1952)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* r70597 new system role for ipv6 disablement (#1954)

* r70597 new system role for ipv6 disablement

* fix linting problem

* add readme for system role

* Fixing-json-file-for-restore-testing (#1956)

Co-authored-by: Matej Stajduhar <[email protected]>

* Fixing json file for restore testing pr 2.x (#1957)

* Fixing-json-file-for-restore-testing

* Missing-comma-in-json

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* updating asg role to support custom rule on http and https (#1959)

Co-authored-by: filip <[email protected]>

* Adding installation path handling for Galaxy collections.

* Bug fixes 2.x pr 2.x (#1962)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* Adding installation path handling for Galaxy collections.

* Removing -p option due to unexpected ill effects for role paths.

* Bug fixes 2.x pr 2.x (#1966)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* Adding installation path handling for Galaxy collections.

* Removing -p option due to unexpected ill effects for role paths.

* r70596 create swap directory (#1968)

* r70596 create swap directory

* remove stat check

* 70325 adding asg redirect pr 2.x (#1963)

* updating asg role to support custom rule on http and https

* updating readme properly

* updating docs for the asg role

---------

Co-authored-by: filip <[email protected]>

* swapfile path and clamav exclusion (#1970)

* Galaxy role pr 2.x (#1974)

* Deleting obsolete Debian 10 requirements files.

* Adding first pass at generic and reusable Ansible Galaxy role.

* Docs update.

* Updating README files.

* Updating ce_provision and ce_deploy to use ansible_galaxy role.

* Ansible Galaxy docs enhancement.

* Cannot use _ansible in variable names, reserved.

* Removing blocks for Galaxy installation, not needed.

* Variables passed to Galaxy role were wrong.

* Moving X-Content-Type-Options header to project type templates.

* Adding some inline documentation.

* Bug fixes 2.x pr 2.x (#1975)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* Adding installation path handling for Galaxy collections.

* Removing -p option due to unexpected ill effects for role paths.

* Moving X-Content-Type-Options header to project type templates.

* Adding some inline documentation.

* Fixing Postfix template to allow external relays.

* Bug fixes 2.x pr 2.x (#1978)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* Adding installation path handling for Galaxy collections.

* Removing -p option due to unexpected ill effects for role paths.

* Moving X-Content-Type-Options header to project type templates.

* Adding some inline documentation.

* Fixing Postfix template to allow external relays.

* Adding a FQDN postfix transport map.

* Bug fixes 2.x pr 2.x (#1980)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* Adding installation path handling for Galaxy collections.

* Removing -p option due to unexpected ill effects for role paths.

* Moving X-Content-Type-Options header to project type templates.

* Adding some inline documentation.

* Fixing Postfix template to allow external relays.

* Adding a FQDN postfix transport map.

* Updating defaults pr 2.x (#1982)

* Updated-defaults-for-aws_acl-role

* Removing-Identity-search

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* Updating defaults pr 2.x (#1984)

* Updated-defaults-for-aws_acl-role

* Removing-Identity-search

* Removing-undefined-variable

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* Removing-gawk-apt (#1985)

* Adding-gawk-removing-gawk-csh (#1987)

* Adding-when-statement-for-assigning-instance (#1990)

* Adding-when-statement-for-assigning-instance

* Adding-check-prior-to-assigning-resources

* Adding-check-prior-to-assigning-resources

* Adding-region-to-aws-cli-command

* Print-protected-resource

* Adding-resource-type-definition

* Resolved-conflicts

* Removing-empty-line

* Disabling-assigning-instance-to-restore-testing-plan

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* Matching-2.x-and-devel-branches (#1999)

Co-authored-by: Matej Stajduhar <[email protected]>

* Adding-aws-ses-role (#2003)

* Adding-aws-ses-role

* Removing-python-script

* Changing-domain-name

* Using-variable-for-domain-name

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* Resolving-conflicts (#2015)

Co-authored-by: Matej Stajduhar <[email protected]>

* Resolving-conflicts (#2018)

Co-authored-by: Matej Stajduhar <[email protected]>

* Updating nginx ssl le roles pr 2.x (#2021)

* Updating-nginx-SSL-LE-roles

* Updating-nginx-vars

* r70260 Option to ignore false-positive shared memory segment warnings (#2023)

* Adding-wazuh-ossec-from-enigma00a (#2027)

* Updating-gitlab-runner-env (#2031)

* r70987-decom-vpn-guest (#2034)

* r70797 nodhcp module in system role for hetzner cloud systems (#2036)

* r70797 nodhcp module in system role for hetzner cloud systems

* fix syntax

* r70797 set pipefail to resolve linting failure

* fix pipefail with bash (#2038)

* fix var in templ (#2040)

* R70928 adding webroot option for le ssl task and fixing looping over domains pr 2.x (#2042)

* r70928-adding-webroot-option-for-LE-SSL-task-and-fixing-looping-over-domains

* Changing-LE-cron

* Changing-script-from-sh-to-bash

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* Updating-local-ossec-rules (#2045)

* Updating-local-ossec-rules

* Fixing-syntax

* Updating-wazuh-vars (#2048)

* Updating-wazuh-vars

* Changing-var-defaults

* Removing-wrong-variables

* r70260-rkhunter-tested-good-tweaks (#2051)

* Fixing-LE-renew-timer (#2052)

Co-authored-by: Matej Stajduhar <[email protected]>

* R70260 rkhunter tweak portpathwhitelist pr 2.x (#2055)

* r70260-rkhunter-tweak-portpathwhitelist TEST

* sanitise portpath items

* Updating-system-role-condition (#2056)

* Updating system role condition pr 2.x (#2059)

* Updating-system-role-condition

* Updating-system-role-condition-v2

* r71121-tweak-nohetznerdhcp-condition (#2061)

* Changing-aws-acl-when-statement (#2063)

Co-authored-by: Matej Stajduhar <[email protected]>

* R71127 r71052 check pr 2.x (#2073)

* r71127-r71052-attemt-to-workaround-elb-module-change-or-bug

* debug alb issue

* revert changes as the bug is outside of ce-provision https://github.com/ansible-collections/amazon.aws/issues/2376

* Newer aws collection test pr 2.x (#2077)

* newer_aws_collection_test

* 8.2.1 didn't work, back to 8.0.1

* r71171-efs-client-upgrade (#2079)

* Turning-off-ami-cleanup-task (#2083)

Co-authored-by: Matej Stajduhar <[email protected]>

* Changing subnet for rds pr 2.x (#2087)

* Changing-subnet-for-RDS

* Uncommenting-tasks

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* fix(debian/duplicity): Fix missing compilation dependencies (#2029)

* fix(php-fpm): Set a good process children default for bigger servers (#1895)

* fix(php-fpm): Set a good process children default for bigger servers

* Fix min max logic

* formatting

* Fixing-RDS-backup-validation (#2089)

Co-authored-by: Matej Stajduhar <[email protected]>

* Updating-postfix-default-transport-maps (#2092)

* Updating CI to 2.x.

* Defending against missing Ansible.

* Making the ce-provision-config branch in CI dynamic.

* We do not want a 'ce-dev provision' because it breaks our controller.

* Reverting 'ce-dev provision' change.

* Trying a different ansible_facts var.

* Testing using the source branch in ce-dev.

* Setting max_childen to an integer to avoid CI issues.

* Trying to change the python interpreter used.

* Adding platform and cgroup values to ce-dev compose template.

* Updated lambda backup validation reporting pr 2.x (#2099)

* Updated-lambda-backup-validation-reporting

* Updating-docs

* Updating-lambda-handler

* Adding-region-to-cloudwatch-task

* Trimming-version-number-from-lambda

* Fixing-text-manipulation

* Updating-arn-for-cloudwatch-task

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* Trying latest ubuntu containers in GitHub Actions.

* Fixing the test.sh script to work with venvs.

* Documentation for PHP in CI.

* Bug fixes 2.x pr 2.x (#2096)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* Adding installation path handling for Galaxy collections.

* Removing -p option due to unexpected ill effects for role paths.

* Moving X-Content-Type-Options header to project type templates.

* Adding some inline documentation.

* Fixing Postfix template to allow external relays.

* Adding a FQDN postfix transport map.

* Updating CI to 2.x.

* Defending against missing Ansible.

* Making the ce-provision-config branch in CI dynamic.

* We do not want a 'ce-dev provision' because it breaks our controller.

* Reverting 'ce-dev provision' change.

* Trying a different ansible_facts var.

* Testing using the source branch in ce-dev.

* Setting max_childen to an integer to avoid CI issues.

* Trying to change the python interpreter used.

* Adding platform and cgroup values to ce-dev compose template.

* Trying latest ubuntu containers in GitHub Actions.

* Fixing the test.sh script to work with venvs.

* Documentation for PHP in CI.

* Adding GitLab test back in.

* Fixing role namespaces.

* Avoiding-backup-restoration-for-dev-env (#2108)

Co-authored-by: Matej Stajduhar <[email protected]>

* Updating-nodejs-to-nodistro (#2094)

* Updating-nodejs-to-nodistro

* Fixing-nodejs-unattended-upgrades

* r71344-Updating-aws-acl-role (#2111)

Co-authored-by: Matej Stajduhar <[email protected]>

* r71344-Updating-aws-acl-role (#2112)

* r71344-Updating-aws-acl-role

* Adding-option-to-avoid-recreating-ACLs

* Updating-aws-acl-vars

* Updating-aws-acl-vars-2

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* Fixing-non-utf8-item (#2116)

Co-authored-by: Matej Stajduhar <[email protected]>

* Fixing non utf8 item pr 2.x (#2117)

* Fixing-non-utf8-item

* Changing-var-name-for-when-condition

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* Minor bug fixes to ce-provision installer.

* Testing installing ce-provision in the GitHub Actions container directly.

* Using the submitted install script as well.

* Trying as runner user.

* Trying to use the ce-dev base container.

* Fixing-utf8 (#2129)

* Fixing utf8-2.x (#2131)

* Fixing-utf8

* Adding-debug

* Changing-lambda-creation-from-tip-file-to-s3 (#2122)

* Changing-lambda-creation-from-tip-file-to-s3

* Fixing-syntax-error

* indentation-fix

* Finishing-backup-valdation-role

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* Updating email notification title pr 2.x (#2140)

* Updating-email-notification-title

* Resolving-conflicts

* Resolving-conflicts-2

---------

Co-authored-by: Matej Stajduhar <[email protected]>

* Adding-defaults-to-max-children (#2141)

* Adding defaults to max children pr 2.x (#2144)

* Adding-defaults-to-max-children

* Updating-max-children

* Updating-php-defaults (#2145)

* Updating php defaults pr 2.x (#2147)

* Updating-php-defaults

* Updating-php-defaults

* Updating-php-defaults

* Updating key name.

* Suppressing systemd actions in Docker.

* Seems Ansible flags have changed.

* Still trying to get --extra-vars right!

* Catching Ansible Galaxy upgrade timers for docker containers.

* Trying to force --roles-path for Galaxy.

* Trying different quotes.

* Missed a line.

* Trying a different approach to passing vars.

* Adding some debug.

* Running ce-python debug first.

* Trying moving to the ce-provision directory.

* Checking the specific path to galaxy roles in ce-provision.

* Trying as controller user again.

* Trying to make the roles dir.

* Being consistent about paths in bash.

* Removing debug lines for now.

---------

Co-authored-by: drazenCE <[email protected]>
Co-authored-by: nfawbert <[email protected]>
Co-authored-by: Matej Štajduhar <[email protected]>
Co-authored-by: Matej Stajduhar <[email protected]>
Co-authored-by: tymofiisobchenko <[email protected]>
Co-authored-by: Klaus Purer <[email protected]>
Co-authored-by: Filip Rupic <[email protected]>
Co-authored-by: filip <[email protected]>
9 people authored Dec 16, 2024
1 parent 04ff502 commit 014a43b
Showing 4 changed files with 139 additions and 103 deletions.
58 changes: 38 additions & 20 deletions .github/workflows/ce-provision-test-web.yml
@@ -12,31 +12,49 @@ jobs:
# Set the type of machine to run on
runs-on: ubuntu-latest

# Use our ce-dev Debian base container
container:
image: codeenigma/ce-dev:2.x

steps:
# Checks out a copy of your repository on the ubuntu-latest machine
- name: Checkout code
if: ${{ github.event.pull_request.head.ref != 'documentation' }}
uses: actions/checkout@v2
#- name: Checkout code
# if: ${{ github.event.pull_request.head.ref != 'documentation' }}
# uses: actions/checkout@v2

# Installs the ce-dev stack
- name: Install ce-dev
# Installs ce-provision
- name: Install ce-provision
if: ${{ github.event.pull_request.head.ref != 'documentation' }}
run: |
cd /tmp
wget https://golang.org/dl/go1.15.8.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.15.8.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
git clone https://github.com/FiloSottile/mkcert && cd mkcert
go build -ldflags "-X main.Version=$(git describe --tags)"
sudo mv ./mkcert /usr/local/bin && cd ../
sudo chmod +x /usr/local/bin/mkcert
rm -Rf mkcert
curl -sL https://raw.githubusercontent.com/codeenigma/ce-dev/${{ github.event.pull_request.base.ref }}/install.sh | /bin/sh -s -- --platform linux
curl -LO https://raw.githubusercontent.com/codeenigma/ce-provision/${{ github.event.pull_request.head.ref }}/install.sh
chmod +x ./install.sh
sudo ./install.sh --version ${{ github.event.pull_request.head.ref }} --config-branch ${{ github.event.pull_request.base.ref }} --docker
# Uses the ce-dev stack to run a test provision
- name: Run a test provision
# Run a web server provision
- name: Provision a test web server
if: ${{ github.event.pull_request.head.ref != 'documentation' }}
run: |
git clone --branch ${{ github.event.pull_request.base.ref }} https://github.com/codeenigma/ce-dev-ce-provision-config.git config
/bin/bash ce-dev/ansible/test.sh --examples web --own-branch ${{ github.event.pull_request.head.ref }} --config-branch ${{ github.event.pull_request.base.ref }}
shell: bash
/bin/sh /home/runner/ce-provision/scripts/provision.sh --python-interpreter /home/runner/ce-python/bin/python3 --repo dummy --branch dummy --workspace /home/runner/ce-provision/ce-dev/ansible --playbook plays/web/web.yml --own-branch ${{ github.event.pull_request.head.ref }} --config-branch ${{ github.event.pull_request.base.ref }} --force
# Installs the ce-dev stack
#- name: Install ce-dev
# if: ${{ github.event.pull_request.head.ref != 'documentation' }}
# run: |
# cd /tmp
# wget https://golang.org/dl/go1.15.8.linux-amd64.tar.gz
# sudo tar -C /usr/local -xzf go1.15.8.linux-amd64.tar.gz
# export PATH=$PATH:/usr/local/go/bin
# git clone https://github.com/FiloSottile/mkcert && cd mkcert
# go build -ldflags "-X main.Version=$(git describe --tags)"
# sudo mv ./mkcert /usr/local/bin && cd ../
# sudo chmod +x /usr/local/bin/mkcert
# rm -Rf mkcert
# curl -sL https://raw.githubusercontent.com/codeenigma/ce-dev/${{ github.event.pull_request.base.ref }}/install.sh | /bin/sh -s -- --platform linux

# Uses the ce-dev stack to run a test provision
#- name: Run a test provision
# if: ${{ github.event.pull_request.head.ref != 'documentation' }}
# run: |
# git clone --branch ${{ github.event.pull_request.base.ref }} https://github.com/codeenigma/ce-dev-ce-provision-config.git config
# /bin/bash ce-dev/ansible/test.sh --examples web --own-branch ${{ github.event.pull_request.head.ref }} --config-branch ${{ github.event.pull_request.base.ref }}
# shell: bash
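Review bot: `${{ github.event.pull_request.head.ref }}` is interpolated straight into the `run:` scripts of the new "Install ce-provision" and "Provision a test web server" steps (and into the curl URL), so a pull request branch name is expanded by the expression engine before the shell ever sees it; pass it through `env:` (e.g. `HEAD_REF: ${{ github.event.pull_request.head.ref }}`) and reference `"$HEAD_REF"` inside the script instead. Two smaller points on the same step: `curl -LO` without `-f` will save an error page as `install.sh` whenever that branch does not exist on `codeenigma/ce-provision` (which is the case for a fork's branch), and the file is then chmod'ed and run under `sudo`, so add `-f`; and `install.sh` is invoked without `--user`, whose help text in this same commit gives `controller` as the default, while the provision step hard-codes `/home/runner/ce-provision` and `/home/runner/ce-python`, so one of the two needs adjusting.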
175 changes: 94 additions & 81 deletions install.sh
@@ -6,19 +6,20 @@ set -e
. /etc/os-release

usage(){
echo 'install.sh [OPTIONS]'
echo 'Install the latest ce-provision version, or the version specified as option.'
echo 'Please ensure you are using Debian Linux or similar and at least Bullseye (11) or higher.'
echo ''
echo 'Available options:'
echo '--version: ce-provision version to use (default: 2.x)'
echo '--user: Ansible controller user (default: controller)'
echo '--config: Git URL to your ce-provision Ansible config repository (default: https://github.com/codeenigma/ce-provision-config-example.git)'
echo '--config-branch: branch of your Ansible config repository to use (default: 1.x)'
echo '--gitlab: install GitLab CE on this server (default: no, set to desired GitLab address to install, e.g. gitlab.example.com)'
echo '--letsencrypt: try to create an SSL certificate with LetsEncrypt (requires DNS pointing at this server for provided GitLab URL)'
echo '--aws: enable AWS support'
echo ''
/usr/bin/echo 'install.sh [OPTIONS]'
/usr/bin/echo 'Install the latest ce-provision version, or the version specified as option.'
/usr/bin/echo 'Please ensure you are using Debian Linux or similar and at least Bullseye (11) or higher.'
/usr/bin/echo ''
/usr/bin/echo 'Available options:'
/usr/bin/echo '--version: ce-provision version to use (default: 2.x)'
/usr/bin/echo '--user: Ansible controller user (default: controller)'
/usr/bin/echo '--config: Git URL to your ce-provision Ansible config repository (default: https://github.com/codeenigma/ce-provision-config-example.git)'
/usr/bin/echo '--config-branch: branch of your Ansible config repository to use (default: 1.x)'
/usr/bin/echo '--gitlab: install GitLab CE on this server (default: no, set to desired GitLab address to install, e.g. gitlab.example.com)'
/usr/bin/echo '--letsencrypt: try to create an SSL certificate with LetsEncrypt (requires DNS pointing at this server for provided GitLab URL)'
/usr/bin/echo '--aws: enable AWS support'
/usr/bin/echo '--docker: script is running in a Docker container'
/usr/bin/echo ''
}

# Parse options arguments.
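Review bot: replacing the shell builtin `echo` with `/usr/bin/echo` throughout `usage()` only guards against a tampered `PATH` if the rest of the script follows suit, but later in this diff `chpasswd`, `hostname` and `git` stay bare and the `cat` calls are changed in the opposite direction (from `/usr/bin/cat` to `/bin/cat`); since the script already runs as root with `set -e`, either set a fixed `PATH` at the top and keep plain command names, or apply absolute paths uniformly. The new `--docker` help line is welcome, but the option sets `IS_LOCAL` rather than a Docker-named variable, so a short comment on what "running in a Docker container" actually changes (the `is_local` extra-var handed to Ansible further down) would help the next reader.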
@@ -51,6 +52,9 @@ parse_options(){
"--aws")
AWS_SUPPORT="true"
;;
"--docker")
IS_LOCAL="true"
;;
*)
usage
exit 1
@@ -68,6 +72,7 @@ CONFIG_REPO_BRANCH="1.x"
GITLAB_URL="no"
LE_SUPPORT="no"
AWS_SUPPORT="false"
IS_LOCAL="false"
SERVER_HOSTNAME=$(hostname)

# Parse options.
@@ -83,76 +88,77 @@ if [ "$(id -u)" -ne 0 ]
then echo "Please run this script as root or using sudo!"
exit
fi

# Check we are using a compatible Linux distribution.
if [ "$ID" != "debian" ]; then
if [ "$ID_LIKE" != "debian" ]; then
echo "ce-provision only supports Debian Linux and derivatives."
/usr/bin/echo "ce-provision only supports Debian Linux and derivatives."
exit 0
else
echo "ce-provision works best with Debian Linux, it may work with this distro but no promises!"
echo "-------------------------------------------------"
echo "Carrying on regardless..."
echo "-------------------------------------------------"
/usr/bin/echo "ce-provision works best with Debian Linux, it may work with this distro but no promises!"
/usr/bin/echo "-------------------------------------------------"
/usr/bin/echo "Carrying on regardless..."
/usr/bin/echo "-------------------------------------------------"
fi
fi

echo "Beginning ce-provision installation."
echo "-------------------------------------------------"
/usr/bin/echo "Beginning ce-provision installation."
/usr/bin/echo "-------------------------------------------------"

# Create required user.
echo "Check if user named $CONTROLLER_USER exists."
/usr/bin/echo "Check if user named $CONTROLLER_USER exists."
# Check if user exists
if id "$CONTROLLER_USER" >/dev/null 2>&1; then
echo "The user named $CONTROLLER_USER already exists. Skipping."
if /usr/bin/id "$CONTROLLER_USER" >/dev/null 2>&1; then
/usr/bin/echo "The user named $CONTROLLER_USER already exists. Skipping."
else
# User not found so let's create them.
echo "Create user named $CONTROLLER_USER."
/usr/bin/echo "Create user named $CONTROLLER_USER."
/usr/sbin/useradd -s /bin/bash "$CONTROLLER_USER"
echo "$CONTROLLER_USER":"$CONTROLLER_USER" | chpasswd -m
install -m 755 -o "$CONTROLLER_USER" -g "$CONTROLLER_USER" -d /home/"$CONTROLLER_USER"
install -m 700 -o "$CONTROLLER_USER" -g "$CONTROLLER_USER" -d /home/"$CONTROLLER_USER"/.ssh
echo root:"$CONTROLLER_USER" | chpasswd -m
echo "$CONTROLLER_USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/"$CONTROLLER_USER"
chmod 0440 /etc/sudoers.d/"$CONTROLLER_USER"
/usr/bin/echo "$CONTROLLER_USER":"$CONTROLLER_USER" | chpasswd -m
/usr/bin/install -m 755 -o "$CONTROLLER_USER" -g "$CONTROLLER_USER" -d /home/"$CONTROLLER_USER"
/usr/bin/install -m 700 -o "$CONTROLLER_USER" -g "$CONTROLLER_USER" -d /home/"$CONTROLLER_USER"/.ssh
/usr/bin/echo root:"$CONTROLLER_USER" | chpasswd -m
/usr/bin/echo "$CONTROLLER_USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/"$CONTROLLER_USER"
/usr/bin/chmod 0440 /etc/sudoers.d/"$CONTROLLER_USER"
fi
echo "-------------------------------------------------"
/usr/bin/echo "-------------------------------------------------"

# Install APT packages.
echo "Install required packages."
echo "-------------------------------------------------"
/usr/bin/echo "Install required packages."
/usr/bin/echo "-------------------------------------------------"
/usr/bin/apt-get update
/usr/bin/apt-get dist-upgrade -y -o Dpkg::Options::="--force-confnew"
/usr/bin/apt-get install -y -o Dpkg::Options::="--force-confnew" \
git ca-certificates git-lfs \
openssh-client nfs-common stunnel4 \
python3-venv python3-debian \
zip unzip gzip tar dnsutils
echo "-------------------------------------------------"
/usr/bin/echo "-------------------------------------------------"

# Install Ansible in a Python virtual environment.
echo "Install Ansible and dependencies."
echo "-------------------------------------------------"
su - "$CONTROLLER_USER" -c "/usr/bin/python3 -m venv /home/$CONTROLLER_USER/ce-python"
su - "$CONTROLLER_USER" -c "/home/$CONTROLLER_USER/ce-python/bin/python3 -m pip install --upgrade pip"
su - "$CONTROLLER_USER" -c "/home/$CONTROLLER_USER/ce-python/bin/pip install ansible netaddr python-debian"
su - "$CONTROLLER_USER" -c "/home/$CONTROLLER_USER/ce-python/bin/ansible-galaxy -p /home/$CONTROLLER_USER/.ansible/collections/ansible_collections collection install ansible.posix --force"
/usr/bin/echo "Install Ansible and dependencies."
/usr/bin/echo "-------------------------------------------------"
/usr/bin/su - "$CONTROLLER_USER" -c "/usr/bin/python3 -m venv /home/$CONTROLLER_USER/ce-python"
/usr/bin/su - "$CONTROLLER_USER" -c "/home/$CONTROLLER_USER/ce-python/bin/python3 -m pip install --upgrade pip"
/usr/bin/su - "$CONTROLLER_USER" -c "/home/$CONTROLLER_USER/ce-python/bin/pip install ansible netaddr python-debian"
/usr/bin/su - "$CONTROLLER_USER" -c "/home/$CONTROLLER_USER/ce-python/bin/ansible-galaxy collection install ansible.posix -p /home/$CONTROLLER_USER/.ansible/collections/ansible_collections --force"
if [ "$AWS_SUPPORT" = "true" ]; then
su - "$CONTROLLER_USER" -c "/home/$CONTROLLER_USER/ce-python/bin/pip install boto3"
/usr/bin/su - "$CONTROLLER_USER" -c "/home/$CONTROLLER_USER/ce-python/bin/pip install boto3"
fi
echo "-------------------------------------------------"
/usr/bin/echo "-------------------------------------------------"

# Install ce-provision.
echo "Install ce-provision."
echo "-------------------------------------------------"
/usr/bin/echo "Install ce-provision."
/usr/bin/echo "-------------------------------------------------"
if [ ! -d "/home/$CONTROLLER_USER/ce-provision" ]; then
su - "$CONTROLLER_USER" -c "git clone --branch $VERSION https://github.com/codeenigma/ce-provision.git /home/$CONTROLLER_USER/ce-provision"
/usr/bin/su - "$CONTROLLER_USER" -c "git clone --branch $VERSION https://github.com/codeenigma/ce-provision.git /home/$CONTROLLER_USER/ce-provision"
else
echo "ce-provision directory at /home/$CONTROLLER_USER/ce-provision already exists. Skipping."
echo "-------------------------------------------------"
/usr/bin/echo "ce-provision directory at /home/$CONTROLLER_USER/ce-provision already exists. Skipping."
/usr/bin/echo "-------------------------------------------------"
fi
/usr/bin/mkdir -p "/home/$CONTROLLER_USER/ce-provision/galaxy/roles"
# Create playbook for ce-provision.
/usr/bin/cat >"/home/$CONTROLLER_USER/ce-provision/provision.yml" << EOL
/bin/cat >"/home/$CONTROLLER_USER/ce-provision/provision.yml" << EOL
---
- hosts: "localhost"
become: true
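Review bot: the user-creation block still pipes `/usr/bin/echo "$CONTROLLER_USER":"$CONTROLLER_USER" | chpasswd -m` and `/usr/bin/echo root:"$CONTROLLER_USER" | chpasswd -m`, so both the controller account and root end up with a password equal to the controller username, on an account that is also given `NOPASSWD: ALL` in sudoers; a predictable password is hard to justify here, so lock the passwords (`passwd -l`) and rely on SSH keys, or generate a random one and print it once, and drop the root password change entirely. Separately, the new `/usr/bin/mkdir -p "/home/$CONTROLLER_USER/ce-provision/galaxy/roles"` runs as root (the script insists on `id -u` being 0) while `ansible-galaxy` and `ansible-playbook` run via `su - "$CONTROLLER_USER"` with `--roles-path` pointing at that directory, so if `galaxy/roles` did not already exist it is created root-owned and the Galaxy install will fail on permissions; run the mkdir through `su - "$CONTROLLER_USER" -c` as well, or `chown` it afterwards.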
@@ -164,7 +170,7 @@ fi
name: debian/ce_provision
EOL
# Create vars file.
/usr/bin/cat >"/home/$CONTROLLER_USER/ce-provision/vars.yml" << EOL
/bin/cat >"/home/$CONTROLLER_USER/ce-provision/vars.yml" << EOL
_domain_name: ${SERVER_HOSTNAME}
_ce_provision_data_dir: /home/${CONTROLLER_USER}/ce-provision/data
_ce_provision_username: ${CONTROLLER_USER}
Expand All @@ -176,7 +182,9 @@ ce_provision:
aws_support: ${AWS_SUPPORT}
new_user: ${CONTROLLER_USER}
username: ${CONTROLLER_USER}
public_key_name: id_rsa.pub
ssh_key_bits: "521"
ssh_key_type: ecdsa
public_key_name: id_ecdsa.pub
own_repository: "https://github.com/codeenigma/ce-provision.git"
own_repository_branch: "${VERSION}"
own_repository_skip_checkout: false
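Review bot: the generated controller key changes from RSA (`public_key_name: id_rsa.pub`) to ECDSA P-521 (`ssh_key_type: ecdsa`, `ssh_key_bits: "521"`, `public_key_name: id_ecdsa.pub`), which breaks existing installs that have already distributed `id_rsa.pub` to GitLab or to target hosts, and the commit message does not mention it; please call it out in the docs and changelog. If the key is being regenerated anyway, `ed25519` needs no bit-size parameter at all and sidesteps the quoted string `"521"` being passed where an integer is expected.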
Expand Down Expand Up @@ -216,13 +224,18 @@ firewall_config:
- "80"
- "443"
EOL
su - "$CONTROLLER_USER" -c "/home/$CONTROLLER_USER/ce-python/bin/ansible-playbook /home/$CONTROLLER_USER/ce-provision/provision.yml"
rm "/home/$CONTROLLER_USER/ce-provision/provision.yml"
# Tell Ansible this is a Docker container
if [ "$IS_LOCAL" = "true" ]; then
/usr/bin/su - "$CONTROLLER_USER" -c "/home/$CONTROLLER_USER/ce-python/bin/ansible-playbook --extra-vars \"{is_local: $IS_LOCAL, ansible_galaxy.extra_params: --force --roles-path /home/$CONTROLLER_USER/ce-provision/galaxy/roles}\" /home/$CONTROLLER_USER/ce-provision/provision.yml"
else
/usr/bin/su - "$CONTROLLER_USER" -c "/home/$CONTROLLER_USER/ce-python/bin/ansible-playbook --extra-vars \"{ansible_galaxy.extra_params: --force --roles-path /home/$CONTROLLER_USER/ce-provision/galaxy/roles}\" /home/$CONTROLLER_USER/ce-provision/provision.yml"
fi
/usr/bin/rm "/home/$CONTROLLER_USER/ce-provision/provision.yml"
# Create playbook for firewall.
echo "-------------------------------------------------"
echo "Install firewall."
echo "-------------------------------------------------"
/usr/bin/cat >"/home/$CONTROLLER_USER/ce-provision/provision.yml" << EOL
/usr/bin/echo "-------------------------------------------------"
/usr/bin/echo "Install firewall."
/usr/bin/echo "-------------------------------------------------"
/bin/cat >"/home/$CONTROLLER_USER/ce-provision/provision.yml" << EOL
---
- hosts: "localhost"
become: true
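Review bot: the extra-vars mapping uses a dotted key, `ansible_galaxy.extra_params: --force --roles-path ...`. Ansible takes keys passed through `--extra-vars` literally, so this defines a top-level variable named `ansible_galaxy.extra_params`, not the `extra_params` entry of an `ansible_galaxy` dict; unless the role looks up that literal name, nest it as `{ansible_galaxy: {extra_params: "--force --roles-path /home/$CONTROLLER_USER/ce-provision/galaxy/roles"}}`. The two `su` invocations also differ only by `is_local: $IS_LOCAL`, and, unlike the firewall and GitLab runs further down, neither does `cd /home/$CONTROLLER_USER/ce-provision` first, so this play will not pick up the repository's ansible.cfg; build the extra-vars string once and run all three plays the same way.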
Expand All @@ -233,15 +246,15 @@ echo "-------------------------------------------------"
ansible.builtin.import_role:
name: debian/firewall_config
EOL
su - "$CONTROLLER_USER" -c "/home/$CONTROLLER_USER/ce-python/bin/ansible-playbook /home/$CONTROLLER_USER/ce-provision/provision.yml"
echo "-------------------------------------------------"
/usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/ansible-playbook /home/$CONTROLLER_USER/ce-provision/provision.yml"
/usr/bin/echo "-------------------------------------------------"

# Install GitLab
if [ "$GITLAB_URL" != "no" ]; then
echo "Install GitLab."
echo "-------------------------------------------------"
/usr/bin/echo "Install GitLab."
/usr/bin/echo "-------------------------------------------------"
# Create playbook.
/usr/bin/cat >"/home/$CONTROLLER_USER/ce-provision/provision.yml" << EOL
/bin/cat >"/home/$CONTROLLER_USER/ce-provision/provision.yml" << EOL
---
- hosts: "localhost"
become: true
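Review bot: `cd /home/$CONTROLLER_USER/ce-provision &&` makes this run pick up the ansible.cfg in the checkout, which is presumably the intent, but the dependency is silent. Ansible refuses to load an ansible.cfg from a world-writable current directory and only logs a warning, so if the clone's permissions are loose the firewall play quietly runs with default settings. A comment stating why the `cd` is there, or setting `ANSIBLE_CONFIG` to the file explicitly, would make that failure mode visible.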
Expand All @@ -256,7 +269,7 @@ if [ "$GITLAB_URL" != "no" ]; then
name: debian/gitlab
EOL
# Create vars file.
/usr/bin/cat >"/home/$CONTROLLER_USER/ce-provision/vars.yml" << EOL
/bin/cat >"/home/$CONTROLLER_USER/ce-provision/vars.yml" << EOL
gitlab_runner:
apt_origin: "origin=packages.gitlab.com/runner/gitlab-runner,codename=\${distro_codename},label=gitlab-runner" # used by apt_unattended_upgrades
apt_signed_by: https://packages.gitlab.com/runner/gitlab-runner/gpgkey
Expand Down Expand Up @@ -309,47 +322,47 @@ gitlab:
custom_nginx_config: ""
EOL
if [ "$LE_SUPPORT" = "yes" ]; then
echo "Will try to create an SSL certificate with LetsEncrypt."
echo "*** THIS STEP WILL FAIL IF YOUR DNS IS NOT CORRECT! ***"
/usr/bin/echo "Will try to create an SSL certificate with LetsEncrypt."
/usr/bin/echo "*** THIS STEP WILL FAIL IF YOUR DNS IS NOT CORRECT! ***"
if [ -n "$(dig +short "$GITLAB_URL".)" ]; then
echo "DNS record found, attempting LetsEncrypt request..."
/usr/bin/echo "DNS record found, attempting LetsEncrypt request..."
# Write GitLab vars with LE for SSL
cat <<EOT >> "/home/$CONTROLLER_USER/ce-provision/vars.yml"
/bin/cat <<EOT >> "/home/$CONTROLLER_USER/ce-provision/vars.yml"
letsencrypt: "true"
ssl:
enabled: false
EOT
echo "-------------------------------------------------"
/usr/bin/echo "-------------------------------------------------"
else
echo "No DNS found for provided URL, will create a self-signed certificate instead."
/usr/bin/echo "No DNS found for provided URL, will create a self-signed certificate instead."
# Write GitLab vars with self-signed SSL
cat <<EOT >> "/home/$CONTROLLER_USER/ce-provision/vars.yml"
/bin/cat <<EOT >> "/home/$CONTROLLER_USER/ce-provision/vars.yml"
letsencrypt: "false"
ssl:
enabled: true
handling: selfsigned
replace_existing: false
EOT
echo "-------------------------------------------------"
/usr/bin/echo "-------------------------------------------------"
fi
else
# Write GitLab vars with self-signed SSL
echo "Create a self-signed SSL certificate."
cat <<EOT >> "/home/$CONTROLLER_USER/ce-provision/vars.yml"
/usr/bin/echo "Create a self-signed SSL certificate."
/bin/cat <<EOT >> "/home/$CONTROLLER_USER/ce-provision/vars.yml"
letsencrypt: "false"
ssl:
enabled: true
handling: selfsigned
replace_existing: false
EOT
echo "-------------------------------------------------"
/usr/bin/echo "-------------------------------------------------"
fi
su - "$CONTROLLER_USER" -c "/home/$CONTROLLER_USER/ce-python/bin/ansible-playbook /home/$CONTROLLER_USER/ce-provision/provision.yml"
echo "-------------------------------------------------"
/usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/ansible-playbook /home/$CONTROLLER_USER/ce-provision/provision.yml"
/usr/bin/echo "-------------------------------------------------"
else
echo "GitLab not requested. Skipping."
echo "-------------------------------------------------"
/usr/bin/echo "GitLab not requested. Skipping."
/usr/bin/echo "-------------------------------------------------"
fi
rm "/home/$CONTROLLER_USER/ce-provision/vars.yml"
rm "/home/$CONTROLLER_USER/ce-provision/provision.yml"
echo "DONE."
/usr/bin/rm "/home/$CONTROLLER_USER/ce-provision/vars.yml"
/usr/bin/rm "/home/$CONTROLLER_USER/ce-provision/provision.yml"
/usr/bin/echo "DONE."
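Review bot: `dig` in `if [ -n "$(dig +short "$GITLAB_URL".)" ]; then` is the one command in this block still resolved through PATH, and if the `dig` binary is not installed the substitution is simply empty, so the script silently takes the self-signed branch instead of attempting LetsEncrypt. Give it the same absolute path as the other commands and fail loudly, or at least print a distinct message, when the lookup tool is missing, so that a missing `dig` is not mistaken for a missing DNS record.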
4 changes: 3 additions & 1 deletion roles/debian/ansible/tasks/main.yml
Expand Up @@ -79,7 +79,9 @@
dest: "/etc/profile.d/ansible-path.sh"

- name: Install systemd timer.
when: ce_ansible.upgrade.enabled
when:
- ce_ansible.upgrade.enabled
- not is_local
block:
- name: Build systemd timer variables string.
ansible.builtin.set_fact:
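Review bot: `- not is_local` raises an undefined-variable error whenever the role runs outside the install script that passes `is_local` via extra-vars, so on such hosts the play fails rather than installing the timer. Use `not (is_local | default(false))` in the conditional, or define `is_local: false` in the role defaults.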

0 comments on commit 014a43b
